KR20170110679A - Access control for encrypted data within machine-readable identifiers - Google Patents

Abstract

Various embodiments are disclosed for providing access control for data that is the basis of a single machine-readable identifier when read by various reader devices. The client device may receive a first encryption key associated with the first device profile and a second encryption key associated with the second device profile. The data provided through the gathering process is formatted with at least a first data portion and a second data portion, wherein the first data portion is for a first reader device and the second data portion is for a second reader device . The first data portion may be encrypted using the first encryption key and the second data portion is encrypted using the second encryption key. The machine readable identifier may be generated using the encrypted first data portion and the encrypted second data portion.

Description

Access control for encrypted data within machine-readable identifiers

Cross-reference to related application

This application claims priority to U.S. Provisional Patent Application No. 62 / 127,404, filed Mar. 3, 2015, entitled " Method for Generating Identifiers Having Encrypted Health Information, " Incorporated herein by reference.

TECHNICAL FIELD OF THE INVENTION

The present disclosure relates to cryptanalysis, machine readable identifier technology, data security, and to some extent, computer vision.

The machine readable identifiers can be used to format data into a medium that is recognizable by a reader device, such as a barcode or matrix code scanner. However, any person with a suitable reader may obtain data embodied in a machine-readable identifier unless the underlying data is encrypted. It is still a problem to manage which devices can access encrypted data with machine readable identifiers.

Many aspects of the present disclosure may be better understood with reference to the following drawings. The components in the figures are not necessarily to scale, emphasis instead being placed upon clearly illustrating the principles of the invention. Also, in the drawings, like reference numbers indicate corresponding parts in the several views.
1 illustrates an example of a network environment for providing access control for information collected by a client application in accordance with various embodiments.
Figure 2 illustrates another example of a network environment for augmenting and updating content data using encrypted machine readable identifiers in accordance with various embodiments.
FIG. 3 illustrates a data structure used to create a machine-readable identifier having portions of encrypted data using multiple keys in accordance with various embodiments.
Figure 4 includes a table showing the capacity of the 40-L version matrix code.
Figure 5 includes a table showing the mode indicator bits for the mode of encoded data.
6 is a flow diagram illustrating an example of encryption and encoding of data for use in a machine readable identifier in accordance with various embodiments.
Figures 7A-7N illustrate various examples of user interfaces created by a client application in accordance with various embodiments.
8 is a pseudo-code illustrating an example of code used to configure a computing device or client device to generate a machine-readable identifier in accordance with various embodiments.
Figure 9 illustrates an example of updating and augmenting data at a client device using a machine-readable identifier generated by another device in accordance with various embodiments.
10-12 are flowcharts illustrating the functionality of a client application running on a client device in accordance with various embodiments.
Figures 13 and 14 are flow charts illustrating the functionality of a remote application running in a computing environment in accordance with various embodiments.
Figures 15-17 are schematic block diagrams that provide exemplary illustrations of computing environments, client devices, and reader devices used in the network environments of Figures 1 and 2, in accordance with various embodiments.

The present disclosure relates to access control for segmented data in machine readable identifiers. Machine readable identifiers such as bar codes, matrix codes or other similar identifiers may be used to format the data into a medium that is recognizable by a reader device, such as a bar code or matrix code scanner. Although machine readable identifiers may be used to transfer data from one device to another without using a wired or wireless network, persons with suitable readers may implement the machine readable identifier unless the underlying data is encrypted Data can be obtained. Since the underlying data may be sensitive, the user may want to control which portions of the underlying data can be read by the various devices.

For example, in some embodiments, the medical information may be encoded with a machine-readable identifier. People sometimes need to generate sensitive data that they want to keep private (for example, providing a medical force during a visit to a clinic). In addition to medical history, other personally identifiable information is usually needed in chiropractors, holistic medicine providers, veterinarians, emergency centers, dentists, insurance companies, and so on. Family members may be responsible for providing this information to health care providers on behalf of their relatives when relatives are unable to provide this information.

While a person may want to provide a full force to his general practitioner (GP), he may not want to provide a full force to other providers, such as a chiropractor or dentist. Instead, you might want to limit your data to something that is relevant to a healthcare professional. Thus, in various embodiments, one machine readable identifier may be encoded using the data, in which case the different instruments may read different portions of the data. For example, an individual may allow his or her generic to acquire a complete history from a matrix code, but a chiropractor uses the same matrix code to acquire only a subset of the troops as authorized by the user .

In accordance with various embodiments, a user may use his or her electronic device, such as a smartphone or a tablet, to create a medical intake, in contrast to the standard practice of creating a medical form using a pen and paper. information can be provided. Information that medical, personal, and other sensitive information that users provide through electronic devices can be sensitive, so transferring information over the network raises concerns. For example, information may be leaked using packet sniffing software or an unauthorized access point. In addition, databases in which information is stored may be hacked. As such, machine readable identifiers, such as bar code or matrix code, can be used to convey information between peripherals without using a network.

However, machine-readable identifiers generally rely on open source or transparent standards, which open source or transparent standards make interpretation of data implemented with machine-readable identifiers vulnerable to unauthorized access. For example, if the medical information is implemented in a matrix code, all commercially available matrix code readers may obtain the medical information. The underlying data can be encrypted, but only those devices that have access to the appropriate key can decrypt the data. However, the sharing of a single key by several devices discourages a person from providing the entire information. Because he can recognize that all devices with keys can access his information.

Thus, in the embodiments described herein, access control for segmented data in machine readable identifiers can be provided. In one embodiment, a client application executable on a client device can be configured to receive a first encryption key associated with a first device profile and a second encryption key associated with a second device profile over a network. The client application may facilitate collection of input data from a user through an ingestion process that may include a series of user interfaces that allow a user to enter various data. Once received, the client application may split the input data into at least a first data portion and a second data portion, or otherwise format the input data into at least a first data portion and a second data portion. For example, the first data portion may be interpreted by a general purpose reader device, but the second data portion may be interpreted by an acupressure use reader device.

The client application can interpret the first data portion using the first encryption key and interpret the second data portion using the second encryption key. A remote application, referred to herein as a key management application, may be executed on a remote computing device, such as a server, and may supervise the transmission and reception of keys capable of decrypting the data as authorized by the user. Alternatively, in other embodiments, the receiver device may be associated with a key in a remote computing environment. The remote application may provide the client application with a key for the receiver device, whereby the information is encrypted for access by the receiver device. Finally, the client application may generate the machine readable identifier using the encrypted first data portion and the encrypted second data portion for rendering on a display accessible by the client device. The receiver device may capture one or more images of the machine-readable identifier to access underlying data using automatic image analysis and computer vision.

As a non-limiting example, a user of a client application may grant a high level of access to his or her general user, in which case the general user may use his or her device to access all input data provided by the user of the client application Access. Key management applications can send keys to not only general purpose devices but also user devices. Similarly, the key management application may send keys to a device for a chiropractor or other health care provider and to a user device. The client application may encode data approved for receipt by the acupressurist using a different key for the acupressurist while encoding the accepted receipt by the general public using the corresponding key. To this end, a single machine readable identifier is used to provide access control to the underlying data of the machine readable identifier.

As can be appreciated, because there are several ways to intercept data transmitted over the network, there is a technical problem to transmit sensitive data between devices without using the network. Additionally, there are technical problems because there are many ways in which network stored data (data stored on a network device) can be obtained without permission. Accordingly, the embodiments described herein solve a technical problem by suggesting a method for transmitting sensitive data between devices without using a network to transmit and receive sensitive data.

While the present disclosure provides numerous examples relating to healthcare data, the embodiments contained herein are applicable to many industrial applications. Additionally, the present disclosure provides examples relating to matrix codes and other similar machine-readable identifiers. However, in some embodiments, visual image recognition may be used to identify data encoded in different types of images, such as those used in the Clickable Paper ™ application marketed by RICOH®.

In the following discussion, a general description of the system and its components is provided, followed by a description of the operation of the system and its components.

Referring to Figure 1, a network environment 100 in accordance with various embodiments is shown. The network environment 100 includes a computing environment 103, a client device 106, and a reader device 109 that are in data communication with one another via a network 112. In various embodiments, the client device 106 and the reader device 109 may not convey any information from one device to another via the network 112 other than the encryption keys, and will be described below. The network 112 includes, for example, the Internet, an intranet, an extranet, a wide area network (WAN), a local area network (LAN), a wired network, a wireless network, . For example, such networks may include satellite networks, cable networks, Ethernet networks, and other types of networks.

The computing environment 103 may include, for example, a server computer or any other system that provides computing functionality. Alternatively, the computing environment 103 may use a number of computing devices that may be located, for example, in one or more server banks, computer banks, or other devices. Such computing devices may be deployed in a single facility, or may be distributed among many other geographic locations. For example, computing environment 103 may include a plurality of computing devices that may include hosted computing resources, grid computing resources, and / or any other distributed computing device. In some cases, the computing environment 103 may be responsive to resilient computing resources where the allocated capacity of processing, network, storage, or other computing related resources may change over time.

Various applications and / or other functions may be executed in the computing environment 103 in accordance with various embodiments. In addition, the various data are stored in a data store 115 that is accessible to the computing environment 103. The data store 115 may represent a plurality of data stores 115 as can be appreciated. The data stored in the data store 115 relates to the operation of the various applications and / or functional entities described below, for example.

The components that run on the computing environment 103 may include other components such as, for example, a key management application 118, a translator service 120, a delegated messaging service 122, and other applications, services, Systems, engines, or functions. The key management application 118 may be executed to supervise the transmission and reception of the various encryption keys 121a-121c stored in the data store 115, which will be described later.

Translator service 120 may be implemented to translate user input from a first language such as Spanish to a second language such as English. In some embodiments, translator service 120 may be used to translate questions stored in computing environment 103 for use in the gathering process from a first language to a second language.

The direct messaging service 122 may be used to send encrypted direct messages from the client device 106 to another device over the network. In one embodiment, an executable application on the client device 106 encrypts the message generated by the user of the client device 106 and forwards the encrypted message over the network to the direct messaging service 122, The direct messaging service 122 sends the encrypted message to the receiving client device 106. In one example, the direct messaging service 122 allows a patient to communicate directly with his or her health care provider. In other embodiments, the messages may be communicated between client devices 106 using a machine readable identifier, as will be described below.

In further embodiments, the computing environment 103 may include applications or services that provide a cloud-based repository of encrypted information (e.g., encrypted health information), but in other embodiments, Information may not be stored in the computing environment 103.

The client device 106 represents a plurality of client devices that may be connected to the network 112. The client device 106 may comprise a processor-based system such as, for example, a computer system. Such a computer system may be a desktop computer, a laptop computer, a personal digital assistant (PDA), a cellular phone, a smart phone, a set top box, a music player, a web pad, a tablet computer system, a game console, an electronic book reader, And may be implemented in the form of other devices having similar functions. The client device 106 may include a client device display 124 and the reader device 109 may include a reader device display 127. The client device display 124 and the reader device display 127 may be any suitable display device such as, for example, a liquid crystal display (LCD) display, a gas plasma based flat panel display, an organic light emitting diode (OLED) A projector, or other type of display device, and the like.

The client device 106 may be configured to execute various applications, such as the client application 130 and / or other applications. The client application 130 may be executed on the client device 106 to perform, for example, a gathering process whereby a series of user interfaces 131a are rendered on the client device display 124, Prompt. In one example, one or more questions are provided to the user to obtain personal information, medical information, or other appropriate information. The one or more questions may be obtained from the computing environment 103 or hard-coded in the client application 130.

The client application 130 may encrypt the user input and may generate the machine readable identifier 133 with the encrypted user input. As can be appreciated, the reader device 109 uses the reader application 136 to interpret the machine-readable identifier 133 and access the encrypted user input. Using one or more encryption keys 121, the reader application 136 may decrypt the encrypted user input for local storage on the reader device 109 or for remote storage.

In some embodiments, the client application 130 and the reader application 136 may include, for example, a browser, a dedicated application, and the like, and may include a user interface 131a or a reader application 136 may include a network page, an application screen, and so on. The client device 106 may be configured to execute applications other than the client application 130, such as, for example, an email application, a social networking application, a word processor, a spreadsheet and / or other applications.

The reader device 109 may be a front-facing imaging device 139 or a rear-facing imaging device, such as a camera or other device capable of interpreting the machine- Time). The reader application 136 may be executed on the reader device 109 to capture one or more images of the machine readable identifier 133 generated by the client application 130. [ Similarly, the client device 106 may include one or more imaging devices, such as a full-direction or a back-direction camera. In various embodiments, the reader application 136 is further implemented to decrypt the encrypted user input obtained from the machine-readable identifier 133 and to present the health information to the reader device display 127.

The reader application 136 may be configured to maintain a version of the data provided by the user and to generate an appropriate interface that facilitates navigating between particular types of data or other versions. The client application 130 may be configured to refrain from transmitting medical or other types of information over the network 112 but in some embodiments the reader application 136 may send the data to a HIPAA- To a remote or cloud-based service such as < RTI ID = 0.0 > The computing environment 103 may be configured to back up or store the version of the machine-readable identifier 133 in the data store 115, although the client application 130 may not dispatch health or other types of information over the network 112 . When the user upgrades or replaces his or her client device 106, the machine-readable identifier 133 may be used to populate data on the new client device 106.

The data stored in the data store 115 may include device data 142 as well as other data that may be understood. The device data 142 may include information associated with one or more of the client devices 106 and the reader devices 109. In one example, each reader device 109 may be associated with a unique encryption key 121, in which case the key management application 118 sends the encryption key 121 to the client application 130 . The client application 130 may then generate a machine readable identifier 133 containing user input data encrypted with the encryption key 121 for the reader device 109. [ The reader device 109 also maintains a copy of its encryption key 121, so that it can decrypt and interpret user input data.

In another example, each client device 106 may be associated with one or more encryption keys 121, in which case the key management application 118 may communicate with the reader devices < RTI ID = 0.0 > And sends the encryption keys 121 to the user terminal 109. The client application 130 may generate a machine-readable identifier 133 containing user input data encrypted with one or more encryption keys 121. [ The key management application 118 may dispatch the encryption key 121 to the reader device 109 in accordance with instructions from the user of the client application 130 such that the reader device 109 may send the encryption key 121 to the user input Data can be decoded and interpreted.

The device data 142 may include device identifiers 145 that uniquely identify the client device 106 or the reader device 109. The device data 142 may further include device profiles 148 that may include access levels 152. In some embodiments, a user of the client application 130 may associate specific reader devices 109 with particular access levels 152. [ In one example, a person may associate a first reader device 109 for his or her general with a first access level and associate a second reader device 109 for his dentist with a second access level . To this end, the user of the client application 130 may specify which data is accessible by which reader device 109 based on the access level. As will be appreciated, the user input may be segmented or partitioned by information available to each reader device 109. To that end, the reader application 136 may provide a different level of access to information predetermined by the user or by the computing environment 103. [

The encryption keys 121 may include numeric, binary, or alphanumeric strings used to encrypt data. In various embodiments, the encryption keys 121 may include symmetric encryption keys 121, asymmetric encryption keys 121, or a combination thereof.

Referring now to FIG. 2, another example of a network environment 100 in accordance with various embodiments is shown. In some situations, the input data provided by the user of the client application 130 may be manipulated on the reading device 109 or on another device having access to the decrypted information. For example, a physician may change data provided by a user to include the latest blood pressure, weight, or other information. The user may wish to store this information in his or her client device 106 to maintain a more complete and accurate history.

To that end, in some embodiments, the reader application 136 may use its encryption key 121 (e. G., ≪ / RTI > to provide updated data, modified data, supplemental data, or otherwise manipulated data to the client device 106 Or other encryption key 121 available to the client device 106). The client application 130 may facilitate capturing one or more images of the machine readable identifier 133 that is generated on the reader device 109 and rendered on the reader device display 127. [

In various embodiments, the data underlying the machine-readable identifier 133 generated by the reader application 136 is encrypted using the encryption key 121 available only on the client device 106 and the reader device 109 Is encrypted. The client application 130 can decrypt the underlying data and locally store the data in the client device 106. [ If the user performs a portion of the gathering process, the updated data may be provided in an automatically populated field of the user interface 131. By having the appropriate encryption keys 121 to scan the machine-readable identifier 133 and access the underlying data, the reader application 136 can update the locally stored data, and the scheduling application, You can interface with other applications such as management applications, medication refill applications, or EHR applications to update relevant information.

Referring now to FIG. 3, there is shown an example of a data structure 300 that includes data used to generate images of machine-readable identifiers 133a-133c. The data structure 300 may include other information such as, for example, an error correction level 303, a character count indicator 306, a mode indicator 309, a payload 312, an error correction 315, and / Data may be included.

Matrix codes, also called quick response (QR) codes, use Reed-Solomon error correction, which is typically used to generate error corrected codewords (bytes) based on encoded data. The reader applications 136a ... 136b can use this error correction level 303 to determine whether data has been read incorrectly and if the data was read incorrectly, Can be corrected. In the case of the matrix code, there are four levels of error correction levels 303 designated as L, M, Q and H with error correcting functions of 7%, 15%, 25% and 30%, respectively.

Matrix codes have different sizes, and matrix codes of a particular size are also referred to as versions. 40 versions are available, but additional versions are possible and are included within the scope of the present invention. For example, version 1 is the minimum version of the matrix code, and is 21 X 21 pixels in size. Each version is 4 pixels bigger than the previous version. Version 40 is the largest version, and is 177 X 177 pixels. The largest version has the largest character capacity as shown in the table of FIG.

The payload 312 may be encoded according to different modes as set by the mode indicator 309. [ The mode indicator 309 may include a 4-bit string as shown in FIG. The encoded data may start with an appropriate mode indicator indicating the mode used for the next bit. The largest version of the matrix code has the largest character capacity as shown in the table of FIG. The character count indicator 306 contains the number of characters being encoded.

To generate the machine-readable identifier 133, the client application 130 (or the reader application 136) may access the user input received during the collection process and encrypt the data using the encryption key 121 . In embodiments where the encryption key 121 is asymmetric, RSA or other suitable encryption algorithm may be used. In embodiments where the encryption key 121 is symmetric, an Advanced Encryption Standard (AES) or other suitable encryption algorithm may be used. The encrypted user input may be encrypted in accordance with the mode indicator 309. For example, if the encrypted user input is an alphanumeric string, the mode indicator 309 may be set to 0010. Alphanumeric encoding can involve breaking strings into pairs and making a binary number for each pair.

The data for the first reader device 109a can be encrypted using an encryption key 121 (encryption key 121 _A shown in Figure 3) accessible by the first reader device 109a, and as payload _A Lt; / RTI > Similarly, the data for a second reader device (109b) may be encrypted using a second reader device accessible cryptographic key by (109b) (121) (the encryption key 121 _B shown in FIG. 3), And can be encoded as payload _B. When scanned by the reader device 109, only a portion of the payload _Total can be interpreted by the reader device 109.

Referring to FIG. 6, there is shown a flow chart illustrating the conversion of input data into a matrix code or other machine-readable identifier 133. Beginning at step 603, the user input is accessed. User input may include, for example, health information, emergency contact information, or other types of information obtained from the user interface 131 presented by the client application 130 or during the collection process. In the example of Fig. 6, the user input string includes "Hello world" for illustration.

In step 606, the encryption key 121 is identified based on the reader device 109 that is the subject of the data. For example, a user may specify a specific part of his or her history for his or her general. An encryption key 121 for one or more reader devices 109 for the general public can be identified. In step 609, the user input is encrypted using the encryption key 121 identified in step 606. The string of data encrypted using the key with AES encryption and "exampleencryptionkey" includes "BBd2iHwO / gy + xnFUg6HeAA ==".

Next, in step 612, the encrypted data is encoded using an alphanumeric mode or other appropriate mode such as number, byte, kanji, or ECI. For the first two characters "BB" of the encrypted data, a binary number is generated using alphanumeric coding to obtain "111111010". This may continue until all encrypted data is encoded using the appropriate mode. Finally, at step 612, an image of the matrix code is generated using the encoded data as a payload according to a matrix code standard.

In various embodiments, the AES-256 encryption algorithm can be used to encrypt the underlying data. An initialization vector (IV) or starting variable (SV) may be employed for use by a mode of randomizing encryption and generating separate ciphertexts even if the same plaintext is encrypted multiple times. (AES CBC Pkcs7). Some modes such as ECB (Electronic Codebook) and CBC (Cipher Block Chaining) may require proper padding because the last block may require padding before encryption.

In an embodiment where AES-256 is used, the encryption key 121 may comprise 256 bits (32 bits) with an IV of 128 bits (16 bytes). IV is randomly generated at each encryption performed by the client application 130 or reader application 136 to provide a separate encryption result (different from the previous encryption), even though the data to be encrypted is unaltered . The generated IV may be stored locally with the encrypted data on the client device 106 or the reader device 109 to enable future decryption as discussed herein.

In some embodiments, the encrypted data is stored locally in the client device 106 or the reader device 109 in association with a password, biometric data, or PIN code. Additionally, each user, or entity to which the data is provided (e.g., patient, relative, pet) has its own cryptographic key 121 (i.e., an encryption key) . As a result, any data encrypted in a particular device can be decrypted in the device only when appropriate password, biometric data or PIN code is provided.

Since the AES encryption algorithm requires an encryption key 121 or IV to encrypt or decrypt the data, the IV can be stored in association with the encrypted data and be decrypted successfully in the future. In some embodiments, the key management service 115 manages storing the IV and transmitting the IV to the client devices 106 or reader devices 109 along with the encryption key 121. The IV key may contain 16 bytes or some other suitable length. In some embodiments, the IV key may be partitioned and stored in a predetermined location along the encryption key 121. For example, a first number of bytes of the IV key may be placed at a first location in the encryption key 121, and a second number of bytes of the IV key may be located at a second location within the encryption key 121 have. The IV key may be removed from the encryption key 121 before the encryption key 121 is used. This feature adds an additional level of security to the encrypted data. For example, even though encryption key 121 is intercepted or successfully guessed by brute-force, it is not impossible to decrypt the encrypted data without knowing how to retrieve IV from the data It will be difficult.

7A-7N illustrate various examples of the user interface 131 of the client application 130 used to perform the collection process by prompting the user for various types of user input. As can be appreciated, prior to performing the collection process, a user may need to provide a user name, password, biometric information, or other information to properly authenticate the user of the client device 106. In FIG. 7A, an exemplary home screen for client application 130 is shown, wherein a user can enter key information about an individual. Key information does not include medical information, but may include information for identification. This information can be used to identify the name of an individual (e.g., owner, dependent, pet, or other entity).

The client application 130 may then prompt the user to enter basic information such as date of birth, emergency contact information, primary care physicain contact information, or other basic information. In addition, the user interface 131 may allow a user to change an individual to which information is provided. For example, a user may change an object from itself to another person, such as a child, dependent family member, pet, or the like. These assistant profiles will also have a data field for entering information about the primary care, emergency contact information, medical history, and the like.

FIG. 7B illustrates an embodiment of Health Insurance Portability and Accountability (HIPAA) compliance and documentation user interface 131. FIG. From this user interface 131, information on various regulations, such as HIPAA, is shown and followed by appropriate explanations for obtaining the necessary consent. In various embodiments, a link or other user interface component may be created to allow other applications, such as a browser application, to display information for those who need further explanation of the details of compliance. After review, a prompt for an electronic signature and date or time stamp may be displayed to confirm that the user has reviewed the data and to obtain the necessary consent.

Referring now to FIG. 7C, user interface 131 illustrates one embodiment of a dedicated screen for obtaining past medical information for an entity. The user interface 131 of FIG. 7C allows a user to provide a medical diagnosis that was previously provided by a professional medical staff. In various embodiments, smart text, auto-population, drop-down suggestions, and / or other similar components are included to better identify the exact spelling of the most common ailment and / or disease . The client application 130 may also obtain data regarding the date the diagnosis was given. They can then be placed in numerical order by date. If diagnostics are not listed, the free text option can be used. Additional text boxes may be generated for additional information that may be important.

Figure 7d shows a user interface 131 where past surgical information can be obtained by prompting the user to provide all previous surgical experience. As described above, in various embodiments, smart text, auto-population, drop-down suggestions, and / or other similar components may be included to better understand the exact spelling of the most common light surgery or medical procedure . The dates and institutions of these surgical procedures may also be obtained if known. The surgical procedures will then be placed in chronological order along with the relevant data fields for the dates and institutions for which the procedure was performed. If the procedure is not listed, the option for free text will be used.

7e, a user interface 131 representing an embodiment of a dedicated screen for acquiring current and past medication, which allows the user to provide current and previous medication, Respectively. In various embodiments, smart text, auto-population, drop-down suggestions, and / or other similar components may be included to better identify the exact spelling of the most common drugs. The date of onset of the provided prodrug, the reason for the dosage, the dosage, and the frequency of administration. If the user is an older drug that he or she is no longer taking, the field for the discontinued date will include the reason for the interruption. If dosing information is not listed, the free text option will be used.

Figure 7f illustrates a user interface 131 that allows a user to provide current and past allergies, medication information, environmental triggers, animals, and other pertinent information. In various embodiments, smart text, auto-fill, drop-down suggestions, and / or other similar components may be included to better understand the exact spelling of the most common drugs and allergens. The type of response to allergens will also be included. These will be placed in numerical order with the relevant fields for the reaction type for each allergen.

In a non-limiting example of FIG. 7g, a user interface 131 is shown that allows a user to provide information related to his family history. In some embodiments, the user may be provided with a general, specific disease that indicates whether it is applicable to the family history. Appropriate data fields can be used for uncommon diseases. Also, smart text, auto-fill, drop-down suggestions, and / or other similar components may be included to better identify the exact spelling of a common ailment or disease. The user can also identify the age of the family members who have been diagnosed and, if applicable, the "deceased" year.

7H illustrates an embodiment of a dedicated user interface 131 for obtaining a social history from a user. For example, a user may be provided with a form to provide information related to an individual's social performance. In some embodiments, the form includes data fields that address smoking history, drinking, travel abroad, education levels, and the like. This may include specific pediatric information, such as fellow inhabitants, home firearms, home-grown pets, lead and tuberculosis exposures based on age calculated based on the date of birth previously provided.

Referring next to Figure 7i, the user interface 131 illustrates one embodiment for obtaining a vaccination from a user. Smart text can be used to help users accurately spell vaccination spells. Open text fields may be provided for immunizations that are not generally available, such as may be needed for travel abroad. In some embodiments, the date on which the vaccination was provided may be a mandatory field. This information can be placed in chronological order based on the vaccination date.

7J illustrates an embodiment of a user interface 131 that allows a user to provide a miscellaneous note that may be maintained locally only for access by the user or may be included in the machine- do. For example, a note may include a reminder regarding a particular healthcare encounter. In various embodiments, this is not a list of symptoms, but may be limited to 100 characters or other appropriate amount, since it is merely a reminder for a particular visit. Like any other section, if you do not need to update this information, you can leave the memo page blank. In some embodiments, the data provided in the memo field may be excluded from the data in the machine readable identifier 133.

7K shows another view of the client device 106 that creates the user interface 131 on the client device display 124. The client device display 124 is shown in FIG. In the non-limiting example of FIG. 7k, an embodiment is shown in which the user is provided with information previously provided by the user. As can be appreciated, in embodiments in which health information is obtained, information about one or more of the eleven institutions can be ideally obtained. The user interface 131 may facilitate printing or transmitting information packets to a physician or other interested person in a format predefined by the user, the administrator, or in a format specified by the health care provider. This provides the ability to correlate this information in a format preferred by the physician and in a format that can be read by both the owner and the physician. In other instances, the user interface 131 may receive information related to the patient's pharmacy, insurance, or other related subject. The collection process may include physical examinations and health examinations.

In addition, the client application 130 may organize the information provided during the collection process in a predefined format. In one example, the information can be sorted in chronological order and by theme such as allergy or medication. In embodiments where the information is medical data, the chronological format common to the health care provider provides a way to efficiently provide the data obtained using the client application 130. [ It will provide all designated health information as required by the health care provider. Because the information provided can be complete and accurate, it can help limit medical accidents by providing the entire medical history that can be proven to be necessary to the physician or provider, as well as by proper identification of drugs or allergies.

The data may be formatted and / or compressed prior to encryption by the client application 130, or the reader application 136 may format the data when decrypted and / or decompressed. Accordingly, the client application 130 or reader application 136 may be capable of providing data in a predefined format, such as a Clinical Document Architecture (CDA) format, which includes a flexible markup standard developed by Health Level 7 International. Formatting. The CDA format includes predefined structures of specific medical records such as discharge summaries and progress notes for information exchange between the patient and professional medical personnel. The CDA format may include text, images, and other types of multimedia such as audio or video. In other instances, the format may be specified by the healthcare provider via the reader application 136. [

In various embodiments, the client application 130 may export the summary of information to a Microsoft Word®, PDF®, or other suitable format for the user to print in the healthcare provider's office or prior to the visit. In some embodiments, the machine-readable identifier 133 may be placed at the corner of the generated document or at another suitable location. Using the reader device 109, the healthcare provider may scan the machine-readable identifier 133 from the client device display 124 or document and send this information to a chart or electronic health record (EHR) . As can be appreciated, because the client application 130 may be configured to encrypt health information before generating the machine readable identifier 133, the reader device 109 for the health care provider may include a machine readable identifier (e.g., Lt; RTI ID = 0.0 > 133). ≪ / RTI > As a result, a user of the client application 130 may bypass the lengthy process of creating a medical intake format, for example, while sitting in an office. Since the information provided by the user can be updated by a professional medical staff, this not only provides the entire medical history that can be proven to be necessary to the physician, but can also help to limit medical accidents through accurate identification of drugs and allergies .

The client application 130 may include a web-based application or a mobile application accessed through a browser application. Individuals using web-based applications can convert summary information into Word® or PDF® format for owners to print before they visit, and information can be deleted at the end of the session. Corresponding machine readable identifiers 133 may be shown at the corners of the print.

Based on the discretion and capabilities of the healthcare provider, another embodiment is that client application 130 generates an e-mail with information and / or machine readable identifier 133 attached to the healthcare provider, By emailing them and electronically sharing them. This may be completed by the owner at home before the visit or in the waiting room of the health care provider. The format of the information will be the format preferred by the provider. From this point on it may be printed or scanned for addition to the patient's paper chart, or manually entered into the electronic medical record. Finally, it can be electronically linked to an EHR or proprietary electronic medical record (EMR) system. Before electronically sharing this information, the owner may need to review HIPAA regulations again, and date / time stamps and electronic signatures for review of this information may be required again.

Referring now to FIG. 71, a machine-readable identifier 133 with user input provided during the collection process may be shown. By bringing the encrypted image to the lens or camera of the reader device 109, the encrypted health information can be delivered for interpretation by the reader device 109. In some embodiments, the dependent can transmit his or her information to the parent client device 106, or vice versa, by capturing an image of the machine-readable identifier 133. The key management application 118 facilitates the transfer of the appropriate encryption keys 121 when the necessary consent is obtained.

7M, a user of the client application 130 may specify the recipient of data, such as the reader device 109 or the owner of a different client device 106, and the encryption key 121. [ In other embodiments, the encryption key 121 may be generated pseudo-randomly by the client application 130 or the key management application 118. The encryption key 121 is sent to the key management application 118 and the key management application 118 then sends the encryption key 121 to the client application 130, Key 121 to the reader device 109 or other client device 106. [ For example, a user of the client device 106 may cause the encryption key 121 to be transmitted to one or more reader devices 109 associated with the "Atlanta Health" provider. In other embodiments, the predefined encryption key 121 is used based on the provider's selection. For example, the key management application 118 may store one or more encryption keys 121 for the "Atlanta Health" provider. When "Atlanta Health" is selected, the client application 130 encrypts the information for use in the machine-readable identifier 133 using one or more cryptographic keys 121 stored in association with the "Atlanta Health" provider .

In further embodiments, the encryption key 121 may be set as a date of birth, a social security number, or other constant that may or may not be widely or publicly available. All healthcare providers who then acquire the necessary software to read and transmit the information displayed in the encrypted QR image can then immediately extract the user input electronically and wirelessly. In some embodiments, an additional level of security may be used if the recipient of the information must enter another identifier (e.g., date of birth or social security number) that is unique to the originating user before the information is decrypted.

The process of extracting information may be accomplished by bringing the machine readable identifier 133 to the camera lens of the reader device 109 or other client device 106 owned by the health care provider or other interested person. As can be appreciated, this can be done by a front office employee within one minute. The acquired information may then be used by the reader application 136 or other applications on the reader device 109 to be added to the patient's paper chart or electronic medical record system. In addition, the reader application 136 may be configured to automatically populate the fields in the third-party EMR system.

7n, the client application 130 may facilitate sending encrypted messages from the client device 106 to another device. In one example, the client application 130 allows a patient to communicate directly with his or her health care provider. The client application 130 may encrypt the message generated by the user of the client device 106 and send the encrypted message to the direct messaging service 122 over the network 112. [ The direct messaging service 122 may then send the encrypted message to the receiving client device 106. In other embodiments, messages may be communicated between client devices 106 using a machine readable identifier 133. [ The client application 130 may facilitate transmission of the machine readable identifier 133 via the direct messaging service 122.

8, there is shown a pseudocode 800 that may be implemented to configure a client application 130, a reader application 136, or other suitable application to generate a matrix code or other type of machine readable identifier 133 Are shown. For example, a function at line 01 of a pseudo-code can be called programmatically to generate matrix code. Line 02 receives user input to be included in the machine readable identifier 133, such as a user input provided in an acquisition process performed by presenting the user interfaces 131 of Figures 7A-7K. Because the user input is stored locally on the client device 106, it can be properly queried.

At line 03, an encryption key 121 is obtained using the appropriate function call. In the embodiment of Figure 8, the encryption key 121 is obtained based on the identifier provided for the particular reader device 109. For example, a user of the client application 130 may specify an intended recipient of the data. In other embodiments, the user may specify his or her encryption key 121. In further embodiments, the encryption key 121 may be pseudo-randomly generated or determined using the date of birth, the social security number, or other information provided by the user.

At line 04, the mode indicator 309 is set. In the example of Fig. 8, the mode indicator is set to "0010" indicating the alphanumeric mode. Line 05 determines the number of characters of the input data. At line 06, the function call is made to the appropriate function using the encryption key 121 to encrypt the user input and return the encrypted string or other appropriate variable type. Line 07 uses the appropriate function call to determine the Reed-Solomon error code. On line 08-09 the data can be formatted. In line 10, the formatted data is provided as a variable in a programmatic function call to generate an image or other suitable format machine readable identifier 133.

Referring now to FIG. 9, another example of a client application 130 for importing data from an external source is shown. As discussed above, in some situations, input data provided by a user of the client application 130 may be manipulated on the reader device 109 or other device having access to the decrypted information. For example, a physician may update or change data to include the latest blood pressure measurements, weight measurements, blood glucose measurements, or other information. The user may want to store this updated information on his or her client device 106 to maintain a more complete and accurate history. In some embodiments, the reader application 136 may generate a document 900 that can be printed for insertion into a physical medical file.

The reader application 136 may use its encryption key 121 to generate the document 900 with the machine readable identifiers 133a through 133b. The key management application 118 may provide the appropriate encryption key 121 to the client device 106 based on the reader device 109 or other device that generated the machine readable identifier 133. [ The client application 130 may facilitate capturing one or more images of the machine readable identifier 133 disposed on the document 900. If an image of the machine-readable identifier 133 is obtained and decrypted on the client device 106, the client device 106 may update the locally stored information and / or display the user interface 131 for review by the user. You can fill in my fields automatically.

In various embodiments, the underlying data of the machine-readable identifier 133 generated by the reader application 136 is encrypted using the encryption key 121 available only to the client device 106 and the reader device 109 Is encrypted. The client application 130 may decrypt the underlying data and store the data locally on the client device 106. If the user performs a portion of the gathering process, the updated data may be provided in an automatically populated field in the user interface 131. [

A number of security mechanisms are embedded in the code and implementation of the client application 130. Because of the potentially significant amount of information, in various embodiments, this information is stored locally on the client device 106. Thus, the potential loss of this information through the "cloud " is reduced or eliminated. In various embodiments, the client application 130 may be integrated with a cloud-based system for remote entry and updating of information.

In addition to the default password protection provided on a smart phone or other type of client device 106, additional passwords or personal identification numbers (PINs) may be required to access the functions of the client application 130. A password that is incorrectly consecutively a predefined number of times (e.g., five) may disable the use of the client application for a predefined period of time, such as 24 hours. Before this information is electronically shared, additional identifiers may be required to indicate the owner's permission to share this information.

In various embodiments, the medical service provider authorized to withdraw the information from the machine-readable identifier 133 may also update or augment the information and may provide updated or augmented information in the form of another machine-readable identifier 133 It is also possible to give permission to the owner. As a result, the updated information may be reconciling with information already present on the client device 106. In this way, the owner will not need to enter new information. Since it will be completed by the client application 130. This may also include a reminder for future visits to be merged into the mobile device calendar, a reminder for drug re-charging, and the like. In another example, the client application 130 may electronically match the drug with the pharmacy.

The client application 130 may be implemented in multiple versions, where each version uses a different language such as English, Spanish, French or other languages. If desired, the user input may be translated by the translator service 120 from the user's language into the recipient's language. This may occur prior to encoding the data for use in the machine readable identifier 133 or when decoding the information using the reader application 136. [ In situations where a high level of communication or medical terminology in English is not known, this information is used to aid medical or other types of assessments.

In one embodiment, the machine-readable identifier 133 can be encoded in the "lock screen" of the client device 106 such that a person without access to the phone can access the client device 106 without having to unlock the client device 106 Identification information, health information, or contact information. In other embodiments, the information provided during the collection process may be periodically cleared at the client device 106 or the reader device 109, for example, at the end of the usage session.

Referring now to FIG. 10, a flow diagram is provided that provides an example of the operation of a portion of client application 130 in accordance with various embodiments. It should be understood that the flow diagram of FIG. 10 only provides examples of the many different types of functional arrangements that can be used to implement the operation of a portion of client application 130, as described herein. Alternatively, the flow diagram of FIG. 10 may be viewed as depicting exemplary components of a method implemented in a client device 106 in accordance with one or more embodiments.

Beginning at step 1003, the client application 130 is executed to obtain information, such as health information, from a user for one or more entities such as a dependent, pet, or other animal. This may be accomplished using a user interface 131 that is presented later in a collection process in which the user repeats through the user interfaces 131 during one or more sessions. Next, at step 1006, the client application 130 determines whether the HIPAA notification has been acknowledged by the user. If the HIPAA notification is not acknowledged, the HIPAA notification may be displayed to the user, and the process may return to step 1003 or may be terminated. If the HIPAA notification has been acknowledged by the user, the process may proceed to step 1009 and the generic, health or other information provided by the user is encrypted according to one or more predefined cryptographic standards and formats.

In various embodiments, the data is encrypted using one or more encryption keys (121). In various embodiments, the encryption key 121 includes information provided by the user, such as date of birth, gender, name, social security number, a combination of these, or other potentially unique information. In step 1012, the encrypted information is used to generate a machine-readable identifier 133, such as a barcode or matrix code. The steps taken to create the machine-readable identifier are described with respect to Figs. 6 and 8. Fig.

10, at step 1015, a further notification may be displayed to the user asking the user whether he wants to show the generated machine-readable identifier 133 on the client device display 124. [ Finally, at step 1018, the machine-readable identifier may be encoded in the user interface 131 for rendering on the client device display 124. At this point, the user may provide the machine readable identifier 133 for scanning by the reader machine 109, or the user may print the document containing the information and having the machine readable identifier 133 thereon can do.

Referring now to FIG. 11, a flowchart is provided that provides another example of the operation of a portion of the client application 130 in accordance with various embodiments. It should be understood that the flow diagram of FIG. 11 is merely to provide examples of many different types of functional arrangements that can be used to implement the operations of portions of the client application 130 described herein. Alternatively, the flow diagram of FIG. 11 may be seen as depicting an example of components of a method implemented in a client device 106 in accordance with one or more embodiments.

Beginning at step 1103, the client application 130 executable on the client device 106 may be configured to access the first encryption key 121a associated with the first device profile 148a. Similarly, at step 1106, the client application 130 may access the second encryption key 121b associated with the second device profile 148b received via the network 112. [ As can be appreciated, the first encryption key 121a and the second encryption key 121b may be sent to the client device 106 by the key management application 118 or other similar service over the network 112 have. The first encryption key 121a and the second encryption key 121b may be provided to the client application 130 in response to a selection of a particular entity or organization, such as a medical institution or a professional medical staff. In one example, the first encryption key 121a is associated with a first healthcare provider. The first medical provider may own or operate the first reader device 109a associated with the first device profile 148a and in which the first encryption key 121a is stored. Similarly, the second encryption key 121b is associated with a second healthcare provider, whereby the second healthcare provider is associated with the second device profile 148b and stores the second encryption key 121b 2 reader device 109b.

As the client application 130 facilitates the collection of input data from the user via the gathering process, at step 1109, the input data may be accessed to be included in the machine readable identifier 133. The collection process may include a series of user interfaces 131 that prompt the user to enter various data, such as those shown in Figures 7A-7K. At step 1112, the client application 130 may segment, partition or format the input data into at least a first data portion and a second data portion. For example, the first data portion may be interpreted by a device for a general practitioner, while the second data portion may be interpreted by a device for a chiropractor.

Next, in step 1115, the client application 130 may encrypt the first data portion using the first encryption key 121a, while in step 1118, the client application 130 encrypts the second encryption key 121b May be used to encrypt the second data portion. The key management application 118 operating in the computing environment 103 may supervise the transmission and reception of the encryption key 121 that can decrypt the data, as permitted by the user. Alternatively, in other embodiments, the reader device 109 may be associated with a predefined encryption key 121 stored in the data store 115 of the computing environment 103. The key management application 118 may provide the client application 130 with an encryption key 121 for a particular reader device 109 so that the information is encrypted for access by the reader device 109 or other client device 106 .

In step 1121, the client application 130 may generate the machine readable identifier 133 using the encrypted first data portion and the encrypted second data portion for rendering on the client device display 124. The reader device 109 may capture one or more images of the machine readable identifier 133 to access the underlying data.

In further embodiments, a user of the client application 130 may associate a device profile 148, such as that of the generic, with a high level of access, in which case the generic user may use his or her own reader device 109 To access all or a significant amount of input data provided by a user of the client application 130. [ The key management application 118 may send the encryption key 121 to the user's client device 106 as well as to the reader device 109 for the general public. Similarly, the key management application 118 may dispatch a different encryption key 121 to the reader device 109 for the chiropractor or other medical provider. The client application 130 uses the encryption key 121 corresponding to the generic reader device 109 to encode data authorized to be received by the generic user while using a different encryption key for the reader device 109 of the acupressurist 121) can be used to encode data that is allowed to be received by the acupressurist. To this end, using a single machine-readable identifier 133, access control is provided on the data underlying the machine-readable identifier 133. The process then proceeds to termination.

In some embodiments, a first access level 152a associated with the first data portion may be defined. For example, a user may associate his personal information with a required low access level 152, associating his or her history with a high access level 152 that is required. The reader device 109 associated with the higher access level 152 may access both history and personal information but the reader device 109 associated with the lower access level 152 may only access private information. In one example, the child's coach may have a low access level 152 assigned to the client device 106 used to access emergency contact information for the player, as permitted by the player or parent.

That is, the access level 152 may be used to determine the portion of data that the reader devices 109 can access. The user may also define through the client application 130 which entities (e. G., The clinic) can access data associated with the various access levels 152. To this end, a first access level 152a associated with the first data portion and a second access level 152b associated with the second data portion may be identified, in which case the first data portion is associated with a first access level 152a And the second data portion is encrypted using the second encryption key 121b based at least in part on the second access level 152b, Will be. As can be appreciated, the first access level 152a may be different from the second access level 152b.

Referring now to FIG. 12, there is shown a flow chart that provides another example of the operation of a portion of the client application 130 in accordance with various embodiments. It should be appreciated that the flow diagram of FIG. 12 only provides examples of many different types of functional arrangements that can be used to implement the operations of portions of the client application 130 described herein. Alternatively, the flow diagram of FIG. 12 may be considered to represent an example of the components of the method implemented in client device 106 in accordance with one or more embodiments.

Beginning at step 1203, the client application 130 may identify the machine readable identifier 133 of the image captured by the camera or other imaging device communicating with the client device 106. For example, the machine-readable identifier 133 may be an updated, complementary, or other identifier that is initially provided by a user of the client application 130 using the initial machine-readable identifier 133 generated after completion of the collection process. Or may be generated by the reader device 109 to provide manipulated data. As can be appreciated, the data modified by the reader device 109 may be obtained from the original machine-readable identifier 133 created on the client device 106. [ An image of the machine-readable identifier 133 may be acquired by the client device 106 to update its locally stored data. The image may be captured from the reader device display 127 as shown in FIG. 2, from the display of another client device 106, or from the document 900 as shown in FIG.

Next, at step 1206, the machine readable identifier 133 is decoded to identify the encrypted data. In step 1209, the client application 130 may decrypt the encrypted data using the encryption key 121 associated with the device profile 148 from the originating device from which the machine-readable identifier 133 is obtained. In some embodiments, the data read from the machine-readable identifier 133 that identifies the reader device 109 from which the machine-readable identifier 133 was obtained may be public (may not be encrypted) and in this case Any device can decode the data. The data may include a unique identifier and / or device identifier 145 that identifies the individual or client device 106 authorized to access the encrypted data. The client application 130 may communicate the device identifier 145 to the computing environment 103 to obtain the encryption key 121 if the client device 106 is authorized to do so.

At step 1212, the decrypted data obtained from the machine-readable identifier 133 may be used to update or supplement data stored locally on the client device 106. [ In some cases, the decrypted data may conflict with the data provided by the user. For example, some of the data the user has provided to the reader device 109 via the first machine readable identifier 133 may have changed. Alternatively, the data provided by the user may be augmented with readings taken by a physician that was not previously known to the user.

Thus, at step 1215, the client application 130 determines whether there is a conflict between the decrypted data and the data provided by the user, for example, through the gathering process. For example, if the data the user provided using his or her client device 106 is different from the data returned by the reader device 106 from any point of view, the data may collide. For example, using the reader device 109, the physician or nurse can update the data provided by the user to reflect recent readings or measurements. Alternatively, using the reader device 109, the physician or nurse may augment the data provided by the user. In both scenarios, conflicts between data are identified because the two sets of data are not identical. A DIFF function or similar function may be used to identify a particular portion of the data in which the collision is present.

If there is a conflict between the data, the process proceeds to step 1218 to adjust or resolve the data conflict. In some embodiments, the user may be provided with information about the conflict, in which case the user may choose to keep the original data provided by the user or update the data with data provided from the reader device 109 . In other embodiments, the data provided by the reader device 109 may be automatically replaced with data provided by the user or automatically added to the memory of the client device 106 to augment the data provided by the user during the acquisition process have.

In some instances, some data may be associated with an access level 152 that varies with respect to a particular type of data. For example, if the healthcare provider updates the healthcare data stored in the client device 106, the healthcare provider may be assigned a high access level 152 by the user (or by default) A deference to one can be seen. In another example, if a healthcare provider updates personal information, such as a telephone number or address for a user of the client device 106, it is possible that the user may be able to better understand his or her telephone number or address, ) Can be shown. That is, the healthcare provider may have a high access level 152 for medical information and a low access level 152 for personal information.

Alternatively, if there is no data conflict, the process proceeds to step 1221 where during the subsequent collection process, the fields in the user interfaces 131 may be automatically populated with data obtained from the machine-readable identifier 133 have. The process then proceeds to termination.

Referring to FIG. 13, a flow chart is shown that is an example of the operation of a portion of the key management application 118 in accordance with various embodiments. It is appreciated that the flow diagram of FIG. 13 merely provides an example of many different types of functional configurations that can be used to implement the operation of a portion of the key management application 118 as described herein. Alternatively, the flow diagram of FIG. 13 may be seen as representing an example of the components of a method implemented in computing environment 103 in accordance with one or more embodiments.

Beginning at step 1303, when a selection is made in the client application 130, a selection of an entity, such as a healthcare provider, is received from the client device 106. For example, the user may specify entities that he wishes to share input data provided during the collection process. In one example, the user may select the "Atlanta Health" provider in the user interface 131 generated by the client application 130. [ The "Atlanta Health" may own or operate one or more reader devices 109 associated with one or more device profiles 148 stored in the data store 115.

In some instances, an appliance profile 148 corresponding to an entity, or a reader device 109 operated by an entity, may have a predefined encryption key 121 stored in the data store 115. However, at step 1306, an encryption key 121 for the device profile 148 may be generated, for example, to generate an encryption key 121 that is unique to a user-to-entity relationship. As can be appreciated, step 1306 may be optional. In some examples, the encryption key 121 is generated pseudo-randomly, using information provided by the user, or a combination thereof.

Next, at step 1309, the encryption key 121 is sent to the client device 106, whereby the client application 130 sends the input data for reception by the reader device 109 associated with the device profile 148 Can be encoded. If the reader device 109 does not have the encryption key 121 stored therein, then at step 1312, the encryption key 121 may be sent to the reader device 109, if necessary.

Referring to FIG. 14, a flow chart illustrating another example of the operation of the key management application 118 according to various embodiments is shown. It is appreciated that the flow diagram of FIG. 14 only provides an example of many different types of functional arrangements that can be used to implement the operation of a portion of the key management application 118 as described herein. Alternatively, the flow diagram of FIG. 14 may be viewed as depicting exemplary components of a method implemented in computing environment 103 in accordance with one or more embodiments.

In some embodiments, the machine-readable identifier 133 may include non-encrypted data or data that can be decrypted using the global or shared encryption key 121. The data may include a first device identifier 145a for the originating device and a second device identifier 145b for the intended recipient. For example, the client application 130 may include a first device identifier 145a for the client device 106 that created the machine-readable identifier 133a and an intended recipient reader device (e.g., Readable identifier 133 that includes a second device identifier 145b for the first device identifier 115a.

When the reader device 109 scans the machine-readable identifier 133, the reader device 109 analyzes the first device identifier 145a or the second device identifier 145b for the intended recipient, ≪ RTI ID = 0.0 > and / or < / RTI > In other instances, the reader device 109 may communicate device identifiers 145 to the key management application 118 for remote authentication. To this end, in step 1403, the key management application 118 may receive the first device identifier 145a for the device that created the machine-readable identifier 133. [ Similarly, at step 1406, the key management application 118 may receive a second device identifier 145b for a device that wishes to access data that is the basis of the machine-readable identifier 133. [

Using the first device identifier 145a and the second device identifier 145b, in step 1409, the key management application 118 generates an encryption key 121 (e.g., a secret key) to decrypt the underlying data of the machine- (E.g., a user or a healthcare provider of the client application 130) that the requesting device has access to the underlying data. If the requesting device is authorized to access the underlying data, then at step 1412, the key management application 118 may send the encryption key 121 to the device, Lt; RTI ID = 0.0 > 133 < / RTI > The process then proceeds to termination. Returning to step 1409, if the requesting device is not authorized to access the underlying data, the process proceeds to termination.

Applications described herein, such as client application 130, reader application 136, and key management application 118, can effectively acquire, store, store and retrieve important information such as information required upon initial visit or subsequent visit with a health care provider And playback capabilities. Specifically, the present disclosure describes a client application 130 that acquires a history in a user-friendly manner and generates a machine-readable identifier 133 containing the history of the acquisition as encoded and encrypted data. In various embodiments, the information provided by the user via the client application 130 may be stored locally on the client device 106. [ The information stored in the client device 106 may be encrypted for local storage. Also, upon revisit, changes to the health record can be easily identified and provided to the provider.

Today, existing health-related applications are designed to improve the ability of individuals to be responsible for their own care, promote healthy living, and connect with provider or institution-specific electronic health record systems to obtain examinations and research results. It is helpful. These applications include varying degrees of day-to-day or at most weekly data points that need to be updated to justify the use of the client application 130.

The client application 130 and reader application 136 may be implemented in iOS, Blackberry, Linux, Android, Windows and / or other suitable operating systems. The information obtained by the client application 130 needs to be provided only once by the user and may be updated with significant and appropriate changes (e.g., drug changes, surgery) that may be rarely needed for the majority of patients Need to be. The client application 130 also allows the user to provide important information about the dependents or people the user may be responsible for. As can be appreciated, the value of providing basic information easily and accurately is substantial.

According to various embodiments, a special account is obtained that requires only intensive, low maintenance maintenance of essential medical information required by healthcare providers and other entities to provide routine care. This information is generated by doctors with the physicians in mind, but is formed for easy navigation of the system. The workflow will be shaped so that everyone with a basic literacy level can complete the search. In various embodiments, the breadth of information requested from a user may be a predefined number of questions that may be important for every initial visit to any health care provider (e.g., 7 questions or a different number of questions ). In various embodiments, these questions may be specific and may not be limiting.

The client application 130 creates a series of one or more user interfaces 131 to obtain information from the user. The client application 130 also correlates the information in an easy and readable form for both physicians and patients. It also enables efficient transmission of basic medical information between various providers such as general and specialists. The client application 130 facilitates the correlation of history or other information to relatives or other entities such as parents, children, pets, and the like. For example, information provided by another person may be helpful in situations where the patient is unable to provide his / her medical history due to pain, stress, confusion, loss of consciousness, etc., have. In this case, this important information can be delivered quickly, easily, and accurately, thus avoiding medical accidents due to lack of accurate and complete information. In addition, the client application 130 is configured to enhance healthcare for individuals with a communication disorder, such as the hearing impaired or the speech impaired.

In various embodiments, a physician's clinic or other health care provider may specify necessary or optional information during customer acceptance. The client application 130 is executed to collect data points designated as required by the health care provider. Such information may be encrypted in accordance with the HIPAA and HITECH (Health Information Technology for Economic and Clinical Health Act) regulations, and may be made accessible to the user or to a designated health care provider using keys or passwords.

According to various embodiments, the collected information may be limited to past history, past history of surgery, allergy, drug, family history, social status and vaccination, but in other embodiments, additional information may be collected have. The client application 130 helps the user provide accurate spelling of basic medical terminology and drugs, thereby preventing confusion and inaccurate documentation that could lead to a medical accident.

The information collected by the client application 130 may comprise a summary screen shown in the user interface 131 for reference while creating new patient information packages. In various embodiments, this information may be converted to Microsoft Word® or PDF format for printing prior to visiting with a health care provider. Finally, this information can be encrypted and the encrypted information can be converted into a matrix code or other machine-readable identifier 133 to deliver the information directly to the health care provider, without paper, and wirelessly. In various embodiments, the scanning of the machine-readable identifier 133 results in automatically populating information based on a database of various electronic medical record systems.

In addition to collecting personal information, the client application 130 may be configured to obtain health information about a dependent, a family member, a pet, and the like. This can help provide accurate and complete information to health care professionals when dependents and family members are unable to provide this information on their own due to age, lack of physical abilities, and so on. This can help health care providers accurately assess, efficiently nurse, and prevent medical accidents from incomplete medical records. As described above, since the history of the pet is also important to the owner and the veterinarian, the client application 130 can be configured to obtain information about the pet. By being able to easily reference this information on the same platform as the user of the client application 130, this information can be used for schools, colleges, international travel, emergencies and other situations.

While the present disclosure provides numerous examples in the context of healthcare data, the embodiments contained herein are applicable to many industrial applications. For example, the health information may include information about the automobile. The mechanic can view the service record by scanning the machine readable identifier 133 presented on the client device 106, which may include a person's smartphone or an automotive computing device.

Referring to FIG. 15, a schematic block diagram of a computing environment 103 in accordance with an embodiment of the present disclosure is shown. The computing environment 103 includes one or more computing devices 1500. Each computing device 1500 includes at least one processor circuit having a processor 1503 and a memory 1506 coupled to, for example, a local interface 1509. [ To this end, each computing device 1500 may include, for example, at least one server computer or similar device. Local interface 1509 may include a data bus with an accompanying address / control bus or other bus structure that may be understood.

All components and data executable by the processor 1503 are all stored in the memory 1506. In particular, key management application 118, translator service 120, direct messaging service 122 and other computing environment applications that are stored in memory 1506 and executable by processor 1503. The memory 1506 may also store the data store 115 and other data. Operating system 1512 may also be stored in memory 1506 and executable by processor 1503. It is understood that there may be other applications stored in the memory 1506 and executable by the processor 1503, as can be appreciated.

Referring to Figure 16, a schematic block diagram of a client device 106 in accordance with one embodiment of the present disclosure is shown. Each client device 106 includes at least one processor circuit having a processor 1603 and a memory 1606 and both the processor 1603 and the memory 1606 are coupled to the local interface 1609. [ To this end, each client device 106 may include, for example, a smart phone, tablet, personal computer, or other similar device. Local interface 1609 may include, for example, a data bus with an accompanying address / control bus or other bus structure that may be understood.

All of the components and data executable by processor 1603 are stored in memory 1606. In particular, client application 130 and other applications that are stored in memory 1606 and executable by processor 1603. Also stored in the memory 1606 is a client data store 1612 (also referred to herein as a local data store) and other data. Also, client operating system 1615 may be stored in memory 1606 and executable by processor 1603. It is understood that there may be other applications stored in memory 1606 and executable by processor 1603, as can be appreciated.

Referring to Fig. 17, a schematic block diagram of a reader device 109 according to an embodiment of the present disclosure is shown. Each reader device 109 includes at least one processor circuit having a processor 1703 and a memory 1706 and both the processor 1703 and the memory 1706 are coupled to the local interface 1709. [ To this end, each reader device 109 may include, for example, a smart phone, tablet, personal computer, or other similar device. Local interface 1709 may include, for example, a data bus having an accompanying address / control bus or other bus structure that may be understood.

All components and data executable by the processor 1703 are all stored in the memory 1706. In particular, those that are stored in memory 1706 and executable by processor 1703 are reader application 136 and other applications. Also stored in memory 1706 is a reader data store 1712 and other data. In addition, the client operating system 1715 may be stored in memory 1706 and executable by processor 1703. It is understood that there may be other applications stored in memory 1706 and executable by processor 1703, as can be appreciated.

Any of the components discussed herein may be implemented in software, for example, C, C ++, C #, Objective C, Java®, JavaScript®, Perl, PHP, Visual Basic®, Python®, Ruby, Flash®, Swift®, or some other programming language.

A number of software components are stored in a memory executable by the processors. In this regard, the term "executable" means a program file in a format that can ultimately be executed by the processor. Examples of executable programs include, for example, compiled programs that are loaded into the random access portion of the memory and can be converted into machine code in a format that can be executed by the processor, programs that are loaded into the random access portion of the memory and executed by the processor Source code that may be represented in a suitable format, such as object code, which may be interpreted by another executable program to generate instructions in a random access portion of memory to be executed by the processor, and the like. An executable program may be stored in a memory including, for example, RAM, ROM, a hard drive, an SSD, a USB flash drive, a memory card, an optical disc (e.g., CD or DVD), a floppy disk, a magnetic tape, Lt; RTI ID = 0.0 > and / or < / RTI >

Memory is defined herein as including both volatile and non-volatile memory and data storage components. Volatile components are components that do not retain data values in the event of power loss. Non-volatile components are components that retain data in the event of power loss. Thus, the memory may be, for example, RAM, ROM, a hard disk drive, an SSD, a USB flash drive, a memory card accessed through a memory card reader, a floppy disk accessed through an associated floppy disk drive, Magnetic tape and / or other memory components accessed through a suitable tape drive, or any combination of two or more of such memory components. The RAM may also include, for example, static random access memory (SRAM), dynamic random access memory (DRAM), magnetic random access memory (MRAM), and other such devices. The ROM may include, for example, a programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM)

A processor may also represent multiple processors and / or multiple processor cores, and the memory may represent a plurality of memories, each operating in parallel processing circuits. In such a case, the local interface may be a suitable network that facilitates communication between any two of the multiple processors, between any processor and any memory, or between any two memories. The local interface may include additional systems designed to coordinate such communications, including, for example, performing load balancing. The processor may be electrically or other available configuration.

The client application 130, reader application 136, key management application 118, and various other systems described herein may be implemented in software or code executed by general purpose hardware as described above, but as an alternative , Dedicated hardware, or a combination of software / general purpose hardware and dedicated hardware. If implemented in dedicated hardware, each may be implemented as a circuit or state machine using any one or a combination of the numerous techniques. These techniques include discrete logic circuits having logic gates for implementing various logic functions upon application of one or more data signals, an application specific integrated circuit (ASIC) with suitable logic gates, a field-programmable gate array (FPGA) But are not limited thereto. These techniques are generally well known to those skilled in the art and are not described in detail herein.

6 and 10-14 illustrate the functionality and operation of an implementation of client application 130, reader application 136, and portions of key management application 118. [ When implemented in software, each block may represent a module, segment, or portion of code that includes program instructions for implementing a particular logical function (s). The program instructions may be embodied in the form of source code including a human-readable sentence written in a programming language or machine code containing numerical instructions recognizable by a suitable execution system, such as a computer system or a processor of another system have. The machine code can be converted from a source code or the like. When implemented in hardware, each block may represent a circuit or a plurality of interconnected circuits to implement a particular logic function (s).

It should be understood that although the flowcharts of FIGS. 6 and 10-14 show specific execution sequences, the order of execution may differ from the order shown. For example, the order of execution of two or more blocks may be scrambled with respect to the order shown. Further, two or more blocks shown successively in Fig. 6 and Fig. 10 to Fig. 14 can be executed simultaneously or partially at the same time. Additionally, in some embodiments, one or more of the blocks shown in Figures 6 and 10-14 may be skipped or omitted. In addition, any number of counters, status variables, warning semaphores, or messages may be used in the logic flow described herein for purposes such as providing improved utilities, accounting, performance measures, or troubleshooting tools. Can be added. It is understood that all such modifications are within the scope of the present invention.

In addition, any of the logic or applications described herein, including client application 130, reader application 136, and key management application 118, including software or code, may be, for example, And may be implemented in any non-transitory computer readable medium for use by or in connection with the instruction execution system. In this sense, the logic may include, for example, statements that may be fetched from a computer readable medium and include instructions and declarations that may be executed by the instruction execution system. In the context of this disclosure, "computer readable medium" means any medium capable of storing, storing, or maintaining the logic or applications described herein for use by or in connection with an instruction execution system have.

Computer readable media can include any of a number of physical media, such as magnetic, optical, or semiconductor media, for example. More specific examples of suitable computer readable media include, but are not limited to, magnetic tape, magnetic floppy diskette, magnetic hard drive, memory card, SSD, USB flash drive or optical disk. The computer-readable medium may also be, for example, a RAM including a static random access memory (SRAM) and a dynamic random access memory (DRAM), or a magnetic random access memory (MRAM). The computer-readable medium may also be embodied as read-only memory (ROM), programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM) Device.

In addition, any of the logic or applications described herein, the client application 130, the reader application 136, and the key management application 118 may be implemented and configured in various ways. For example, the one or more applications described may be implemented as modules or components of a single application. Additionally, one or more of the applications described herein may be implemented as shared or separate computing devices or a combination thereof. For example, the plurality of applications described herein may be executed in the same computing device 1500 or in multiple computing devices in the same computing environment 103. Additionally, it is to be understood that terms such as "application", "service", "system", "engine", "module" and the like are interchangeable and not intended to be limiting.

A disjunctive language, such as the phrase "at least one of X, Y, or Z ", is used to denote an item, term, etc., in general, unless otherwise stated, X, Y, or Z, or any combination thereof (e.g., X, Y, and / or Z). ≪ / RTI > Thus, this disjunctive language does not generally mean and should not mean that an embodiment requires that there be at least one X, at least one Y, or at least one Z, respectively.

It should be emphasized that the embodiments of the present invention described above are only possible implementations for a clear understanding of the principles of the invention. Many variations and modifications may be made to the above-described embodiment (s) without substantially departing from the spirit and principles of the invention.

Item 1. As system, the system is:

A client device comprising at least one hardware processor; And

A client application executable on the client device,

Wherein the client application, upon execution, causes the client device to:

Receive a first encryption key associated with a first device profile and a second encryption key associated with a second device profile over a network;

In the data store of the client device, accessing input data provided via at least one user interface generated by the client application;

Format the input data into at least a first data portion and a second data portion;

Encrypt the first data portion using the first encryption key and encrypt the second data portion using the second encryption key; And

To generate a machine readable identifier using the encrypted first data portion and the encrypted second data portion to render on a display accessible by the client device; Program instructions.

Item 2. In Item 1,

The machine readable identifier is a first machine readable identifier, and

Wherein the client application, upon execution, causes the client device to:

Identify, in an image captured by a camera in communication with the client device, a second machine-readable identifier generated by a device different from the client device;

Identify encrypted data from the second machine-readable identifier;

Decrypt the encrypted data using the first encryption key or the second encryption key to identify decrypted data; And

Store the decrypted data in the data store for access by the client application; ≪ / RTI > further comprising program instructions.

Item 3. In item 2,

Storing the decrypted data in the data store comprises:

Identifying whether there is a conflict between the input data stored in the data store and the decrypted data; And

Further comprising storing the decrypted data instead of input data stored in the data store.

Item 4. In Item 1,

A first reader device associated with the first device profile in which the first encryption key is stored; And

And a second reader device associated with the second device profile in which the second encryption key is stored,

Wherein the first reader device is configured to access the first data portion in the machine readable identifier using the first encryption key,

And the second reader device is configured to access the second data portion in the machine readable identifier using the second encryption key.

Item 5. In item 4,

Wherein the first reader device comprises a first imaging device,

Wherein the second reader device comprises a second imaging device,

Wherein the machine readable identifier is captured by the first imaging device or the second imaging device.

Item 6. In Item 1,

Wherein the client application further comprises program instructions that, when executed, cause the client device to dispatch the machine readable identifier to another client device that is different than the client device.

Item 7. In Item 1,

Wherein the machine readable identifier is generated using decrypted data from the input data.

Item 8. In Item 1,

Wherein a first encryption key associated with the first device profile is received by the client device from at least one remote computing device over the network in response to the selection of a first device profile made at the client device, Wherein the second encryption key associated with the profile is received by the client device from at least one remote computing device over the network in response to the selection of the second device profile made at the client device.

Item 9. In Item 1,

Encrypting the first data portion using the first encryption key and encrypting the second data portion using the second encryption key comprises:

Identifying a first access level associated with the first data portion;

Identifying a second access level associated with the second data portion;

Encrypting the first data portion using the first encryption key based at least in part on the first access level; And

Further comprising encrypting the second data portion using the second encryption key based at least in part on the second access level,

The first access level being different from the second access level.

Item 10. In Item 1,

Wherein the machine readable identifier is a quick-response (QR) code or bar code.

Item 11. A computer-implemented method,

Receiving, by a client device including at least one hardware processor, a first encryption key associated with a first device profile and a second encryption key associated with a second device profile over a network;

Accessing input data in a data store of the client device by the client device, the input data being provided through at least one user interface generated by a client application executable on the client device;

Formatting, by the client device, the input data into at least a first data portion and a second data portion;

Encrypting, by the client device, the first data portion using the first encryption key and the second data portion using the second encryption key; And

Generating by the client device a machine readable identifier using the encrypted first data portion and the encrypted second data portion to render on a display accessible by the client device, .

Item 12. The method according to item 11,

The machine readable identifier is a first machine readable identifier, and

The method comprising:

Identifying, by the client device, a second machine-readable identifier in an image captured by a camera in communication with the client device, wherein the second machine-readable identifier is generated by a device different from the client device ;

Identifying, by the client device, encrypted data from the second machine-readable identifier;

Decrypting the encrypted data by the client device using the first encryption key or the second encryption key to identify decrypted data; And

And storing the decrypted data in the data store for access by the client application by the client device.

Item 13. The method according to item 12,

Wherein storing the decrypted data in the data store comprises:

Identifying, by the client device, whether there is a conflict between input data stored in the data store and the decrypted data; And

And storing, by the client device, the decrypted data instead of the input data stored in the data store.

Item 14. The method according to item 11,

Accessing the first data portion from the machine readable identifier using the first encryption key by a first reader device, the first reader device being associated with the first device profile, The key is stored; And

Accessing the second data portion from the machine readable identifier using the second encryption key by a second reader device, the second reader device being associated with the second device profile, And wherein the key is stored.

Item 15. The method according to item 14,

Wherein the first reader device comprises a first imaging device,

Wherein the second reader device comprises a second imaging device,

Wherein the machine readable identifier is captured by the first imaging device or the second imaging device.

Item 16. The method according to item 11,

Further comprising the step of sending the machine readable identifier by the client device to another client device that is different than the client device over the network.

Item 17. The method according to item 11,

Wherein the machine readable identifier is generated using decrypted data from the input data.

Item 18. The method according to item 11,

Wherein a first encryption key associated with the first device profile is received by the client device from at least one remote computing device over the network in response to the selection of the first device profile made at the client device,

Wherein the second encryption key associated with the second device profile is received by the client device from at least one remote computing device over the network in response to the selection of the second device profile made at the client device, .

Item 19. The method according to item 11,

Wherein encrypting the first data portion using the first encryption key and encrypting the second data portion using the second encryption key comprises:

Identifying, by the client device, a first access level associated with the first data portion;

Identifying, by the client device, a second access level associated with the second data portion;

Encrypting, by the client device, the first data portion using the first encryption key based at least in part on the first access level; And

Further comprising: encrypting, by the client device, the second data portion using the second encryption key based at least in part on the second access level,

Wherein the first access level is different from the second access level.

Item 20. The method according to item 11,

Wherein the machine readable identifier is a quick-response (QR) code or bar code.

Item 21. A system, comprising:

A client device comprising at least one hardware processor; And

And a client application executable on the client device,

Wherein the client application, upon execution, causes the client device to:

Wherein the at least one encryption key is used to generate a first machine readable identifier using a first amount of data encrypted using at least one encryption key to render on a display of the client device, Configured to decrypt the data;

Identify a second machine-readable identifier in at least one image captured by the client device;

To decode the second machine-readable identifier to identify a second amount of data encrypted by the reader device using the at least one encryption key;

To decrypt the second amount of data using the at least one encryption key; And

To identify whether there is a conflict between the first amount of data and the second amount of data; Program instructions.

Item 22. The method according to item 21,

Wherein the client application further comprises program instructions that, when executed, cause the client device to perform an operation to resolve the conflict in response to a conflict existing between the first amount of data and the second amount of data. system.

Item 23. The method according to item 21,

Wherein the collision is identified in response to the reader device modifying the first amount of data to generate a second amount of data.

Item 24. The method according to item 22,

The task is:

Displaying information associated with the conflict on a user interface of the client application;

Receiving a selection of the first amount of data or the second amount of data in the user interface; And

In response to the selection, updating the data store of the client device using the selected first amount of data or the selected second amount of data; . ≪ / RTI >

Item 25. The method according to item 22,

Wherein the operation comprises updating the data store of the client device using the second amount of data.

Item 26. The method according to item 21,

Wherein the client application further comprises program instructions for causing the client device to fill at least one field of a user interface in the client application using at least a portion of the second amount of data at runtime.

Item 27. The method according to item 21,

Wherein the first amount of data encrypted using at least one encryption key further comprises a first portion of user input obtained during the acquisition process and a second portion of user input,

Wherein a first portion of the user input is encrypted using a first encryption key accessible by the reader device,

Wherein the second portion of the user input is encrypted using a second encryption key that is not accessible by the reader device.

Item 28. The method according to item 21,

Wherein the machine readable identifier is a quick-response (QR) code or bar code.

Item 29. The method according to item 21,

Wherein the client application further comprises program instructions for causing the client device, upon execution, to receive at least one encryption key from a remote application executing in a remote computing environment over the network.

Item 30. The method according to item 29,

Wherein the remote application executing in the remote computing environment is configured to send the at least one encryption key to the reader device via the network.

Item 31. A computer-implemented method,

Generating a first machine readable identifier using a first amount of data encrypted using at least one encryption key for rendering on a display of the client device by a client device comprising at least one hardware processor, Wherein the reader device in which the at least one encryption key is stored is configured to decrypt the data;

Identifying, by the client device, a second machine-readable identifier in at least one image captured by the client device;

Decoding, by the client device, the second machine-readable identifier to identify a second amount of data encrypted by the reader device using the at least one encryption key;

Decrypting the second amount of data by the client device using the at least one encryption key; And

And identifying, by the client device, whether a conflict exists between the first amount of data and the second amount of data.

Item 32. The method according to item 31,

Further comprising: performing, by the client device, an operation to resolve the conflict in response to a conflict existing between the first amount of data and the second amount of data.

Item 33. The method according to item 31,

Wherein the collision is identified in response to the reader device modifying the first amount of data to generate a second amount of data.

Item 34. The method according to item 32,

The task is:

Displaying, by the client device, information associated with the conflict in a user interface of the client application;

Receiving, by the client device, the selection of the first amount of data or the second amount of data in the user interface; And

Updating, by the client device, the data store of the client device using the selected first amount of data or the selected second amount of data in response to the identified selection; ≪ / RTI >

Item 35. The method according to item 32,

Wherein the operation comprises updating, by the client device, the data store of the client device using the second amount of data.

Item 36. The method of item 31,

Further comprising: filling, by the client device, at least a portion of the user interface in the client application using at least a portion of the second amount of data.

Item 37. The method according to item 31,

Wherein the first amount of data encrypted using at least one encryption key further comprises a first portion of user input obtained during the acquisition process and a second portion of user input,

Wherein a first portion of the user input is encrypted using a first encryption key accessible by the reader device,

And wherein the second portion of the user input is encrypted using a second encryption key that is not accessible by the reader device.

Item 38. The method according to item 31,

Wherein the machine readable identifier is a quick-response (QR) code or bar code.

Item 39. The method according to item 31,

Further comprising receiving, by the client device, at least one encryption key from a remote application executing in a remote computing environment over the network.

Item 40. The method according to item 39,

Wherein the remote application executing in the remote computing environment is configured to send the at least one encryption key to the reader device via the network.

Claims (15)

A client device comprising at least one hardware processor; And
And a client application executable on the client device,
Wherein the client application, upon execution, causes the client device to:
Receiving a first encryption key associated with a first device profile and a second encryption key associated with a second device profile over a network;
Accessing input data in a data store of the client device, the input data being provided through at least one user interface generated by the client application;
Formatting the input data into at least a first data portion and a second data portion;
Encrypting the first data portion using the first encryption key and encrypting the second data portion using the second encryption key; And
Generating a machine readable identifier using the encrypted first data portion and the encrypted second data portion to render on a display accessible by the client device,
Wherein the machine readable identifier is a quick-response (QR) code or bar code. The method according to claim 1,
The machine readable identifier is a first machine readable identifier,
Wherein the client application, upon execution, causes the client device to:
Identifying a second machine-readable identifier in an image captured by a camera in communication with the client device, the second machine-readable identifier being generated by a device different from the client device;
Identifying encrypted data from the second machine readable identifier;
Decrypting the amount of the encrypted data using the first encryption key or the second encryption key to identify decrypted data; And
And storing the decrypted data in the data store for access by the client application. The method of claim 2,
Wherein storing the decrypted data in the data store comprises:
Identifying whether there is a conflict between input data stored in the data store and the decrypted data; And
And storing the decrypted data instead of the input data stored in the data repository. The method according to claim 1,
A first reader device associated with the first device profile in which the first encryption key is stored; And
And a second reader device associated with the second device profile in which the second encryption key is stored,
Wherein the first reader device is configured to access the first data portion in the machine readable identifier using the first encryption key,
And the second reader device is configured to access the second data portion in the machine readable identifier using the second encryption key. The method of claim 4,
Wherein the first reader device comprises a first imaging device,
Wherein the second reader device comprises a second imaging device,
Wherein the machine readable identifier is captured by the first imaging device or the second imaging device. The method according to claim 1,
Wherein the client application further comprises program instructions that, when executed, cause the client device to perform the step of sending the machine-readable identifier to another client device that is different than the client device. The method according to claim 1,
Wherein the machine readable identifier is generated using decrypted data from the input data. The method according to claim 1,
Wherein the first encryption key associated with the first device profile is received by the client device from at least one remote computing device over the network in response to the selection of the first device profile made at the client device,
Wherein a second encryption key associated with the second device profile is received by the client device from at least one remote computing device over the network in response to the selection of a second device profile made at the client device. The method according to claim 1,
Wherein encrypting the first data portion using the first encryption key and encrypting the second data portion using the second encryption key comprises:
Identifying a first access level associated with the first data portion;
Identifying a second access level associated with the second data portion;
Encrypting the first data portion using the first encryption key based at least in part on the first access level; And
Further comprising encrypting the second data portion using the second encryption key based at least in part on the second access level,
The first access level being different from the second access level. A client device comprising at least one hardware processor; And
And a client application executable on the client device,
Wherein the client application, upon execution, causes the client device to:
Generating a first machine-readable identifier using a first amount of data encrypted using at least one encryption key to render on a display of the client device, wherein the reader device having the at least one encryption key stored therein The data being configured to decrypt the data;
Identifying a second machine-readable identifier in at least one image captured by the client device;
Decoding the second machine readable identifier to identify a second amount of data encrypted by the reader device using the at least one encryption key;
Decrypting the second amount of data using the at least one encryption key; And
And identifying whether there is a conflict between the first amount of data and the second amount of data. The method of claim 10,
Wherein the client application comprises program instructions for causing the client device to perform a task of resolving the conflict in response to a conflict existing between the first amount of data and the second amount of data, Further,
The task is:
Displaying information associated with the conflict on a user interface of the client application;
Receiving a selection of the first amount of data or the second amount of data in the user interface; And
In response to the selection, updating the data store of the client device using the selected first amount of data or the selected second amount of data; ≪ / RTI > The method of claim 11,
Wherein the operation further comprises updating the data store of the client device using the second amount of data. The method of claim 10,
Wherein the client application further comprises program instructions that, when executed, cause the client device to perform the step of populating at least one field of the user interface in the client application using at least a portion of the second amount of data. . The method of claim 10,
Wherein the first amount of data encrypted using at least one encryption key further comprises a first portion of user input obtained during the acquisition process and a second portion of user input,
Wherein a first portion of the user input is encrypted using a first encryption key accessible by the reader device,
Wherein the second portion of the user input is encrypted using a second encryption key that is not accessible by the reader device. The method of claim 10,
Wherein the client application further comprises program instructions that, when executed, cause the client device to perform the step of receiving at least one encryption key from a remote application executing in a remote computing environment via the network.

Images